UbuntuUpdates.org

Package "qemu"

Name: qemu

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • extra block backend modules for qemu-system and qemu-utils
  • QEMU Full virtualization
  • QEMU full system emulation binaries (arm)
  • QEMU full system emulation binaries (common files)

Latest version: 1:2.10+dfsg-0ubuntu3.8
Release: artful (17.10)
Level: updates
Repository: main

Links

Save this URL for the latest version of "qemu": https://www.ubuntuupdates.org/qemu



Other versions of "qemu" in Artful

Repository Area Version
base universe 1:2.10+dfsg-0ubuntu3
base main 1:2.10+dfsg-0ubuntu3
security main 1:2.10+dfsg-0ubuntu3.8
security universe 1:2.10+dfsg-0ubuntu3.8
updates universe 1:2.10+dfsg-0ubuntu3.8

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:2.10+dfsg-0ubuntu3.8 2018-06-12 14:06:40 UTC

  qemu (1:2.10+dfsg-0ubuntu3.8) artful-security; urgency=medium

  * SECURITY UPDATE: Speculative Store Bypass
    - debian/patches/CVE-2018-3639-2.patch: define the AMD 'virt-ssbd'
      CPUID feature bit in target/i386/cpu.c.
    - debian/patches/CVE-2018-3639-3.patch: define the Virt SSBD MSR and
      handling of it in target/i386/cpu.h, target/i386/kvm.c,
      target/i386/machine.c.
    - CVE-2018-3639

 -- Marc Deslauriers <email address hidden> Wed, 23 May 2018 07:59:37 -0400

Source diff to previous version
CVE-2018-3639 Speculative Store Bypass

Version: 1:2.10+dfsg-0ubuntu3.7 2018-05-22 01:06:55 UTC

  qemu (1:2.10+dfsg-0ubuntu3.7) artful-security; urgency=medium

  * SECURITY UPDATE: Speculative Store Bypass
    - debian/patches/ubuntu/CVE-2018-3639.patch: add bit(2) of SPEC_CTRL
      MSR support - Reduced Data Speculation to target/i386/cpu.*.
    - CVE-2018-3639

 -- Marc Deslauriers <email address hidden> Thu, 17 May 2018 10:00:30 -0400

Source diff to previous version
CVE-2018-3639 Speculative Store Bypass

Version: 1:2.10+dfsg-0ubuntu3.6 2018-05-16 17:07:31 UTC

  qemu (1:2.10+dfsg-0ubuntu3.6) artful-security; urgency=medium

  * SECURITY UPDATE: arbitrary code execution via load_multiboot
    - debian/patches/CVE-2018-7550.patch: handle bss_end_addr being zero in
      hw/i386/multiboot.c.
    - CVE-2018-7550
  * SECURITY UPDATE: denial of service in Cirrus CLGD 54xx VGA
    - debian/patches/CVE-2018-7858.patch: fix region calculation in
      hw/display/vga.c.
    - CVE-2018-7858
  * debian/patches/vhost_fix_*.patch: restore avail index from vring used
    index on disconnection in hw/virtio/vhost.c.

 -- Marc Deslauriers <email address hidden> Fri, 11 May 2018 13:32:25 -0400

Source diff to previous version
CVE-2018-7550 The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU hos
CVE-2018-7858 Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of ser

Version: 1:2.10+dfsg-0ubuntu3.5 2018-02-20 23:07:06 UTC

  qemu (1:2.10+dfsg-0ubuntu3.5) artful-security; urgency=medium

  * SECURITY UPDATE: DoS via out-of-bounds read in VGA driver
    - debian/patches/CVE-2017-13672-2.patch: handle cirrus vbe mode
      wraparounds in hw/display/vga.c.
    - debian/patches/CVE-2017-13672-3.patch: fix region checks in
      wraparound case in hw/display/vga.c.
    - CVE-2017-13672
  * SECURITY UPDATE: information disclosure via race in 9pfs
    - debian/patches/CVE-2017-15038.patch: use g_malloc0 to allocate space
      for xattr in hw/9pfs/9p.c.
    - CVE-2017-15038
  * SECURITY UPDATE: long export name overflow in NBD server
    - debian/patches/CVE-2017-15118.patch: check length in nbd/server.c.
    - CVE-2017-15118
  * SECURITY UPDATE: DoS via large option request in NBD server
    - debian/patches/CVE-2017-15119.patch: reject options larger than 32M
      in nbd/server.c.
    - CVE-2017-15119
  * SECURITY UPDATE: DoS via unbounded memory allocation in VNC server
    - debian/patches/CVE-2017-15124-pre1.patch: remove 'sync' parameter
      from vnc_update_client in ui/vnc.c.
    - debian/patches/CVE-2017-15124-pre2.patch: remove unreachable code in
      vnc_update_client in ui/vnc.c.
    - debian/patches/CVE-2017-15124-pre3.patch: remove redundant
      indentation in vnc_client_update in ui/vnc.c.
    - debian/patches/CVE-2017-15124-pre4.patch: avoid pointless VNC updates
      if framebuffer isn't dirty in ui/vnc.c.
    - debian/patches/CVE-2017-15124-pre5.patch: introduce enum to track VNC
      client framebuffer update request state in ui/vnc.*.
    - debian/patches/CVE-2017-15124-pre6.patch: correctly reset framebuffer
      update state after processing dirty regions in ui/vnc.c.
    - debian/patches/CVE-2017-15124-pre7.patch: refactor code for
      determining if an update should be sent to the client in ui/vnc.c.
    - debian/patches/CVE-2017-15124-pre8.patch: track how much decoded data
      we consumed when doing SASL encoding in ui/vnc-auth-sasl.c,
      ui/vnc-auth-sasl.h.
    - debian/patches/CVE-2017-15124-1.patch: fix VNC client throttling when
      audio capture is active in ui/vnc.*.
    - debian/patches/CVE-2017-15124-2.patch: fix VNC client throttling when
      forced update is requested in ui/vnc-auth-sasl.c, ui/vnc-jobs.c,
      ui/vnc.*.
    - debian/patches/CVE-2017-15124-3.patch: place a hard cap on VNC server
      output buffer size in ui/vnc.c.
    - CVE-2017-15124
  * SECURITY UPDATE: memory leak in websocket GSource
    - debian/patches/CVE-2017-15268.patch: monitor encoutput buffer size
      from websocket GSource in io/channel-websock.c.
    - CVE-2017-15268
  * SECURITY UPDATE: DoS in cirrus driver
    - debian/patches/CVE-2017-15289.patch: fix oob access in mode4and5
      write functions in hw/display/cirrus_vga.c.
    - CVE-2017-15289
  * SECURITY UPDATE: out-of-bounds access in ps2 driver
    - debian/patches/CVE-2017-16845.patch: check PS2Queue pointers in
      post_load routine in hw/input/ps2.c.
    - CVE-2017-16845
  * SECURITY UPDATE: DoS in Virtio Vring implementation
    - debian/patches/CVE-2017-17381.patch: check VirtQueue Vring object is
      set in hw/virtio/virtio.c.
    - CVE-2017-17381
  * SECURITY UPDATE: DoS in VGA driver
    - debian/patches/CVE-2018-5683.patch: check the validation of memory
      addr when draw text in hw/display/vga.c.
    - CVE-2018-5683

 -- Marc Deslauriers <email address hidden> Wed, 14 Feb 2018 14:19:31 -0500

Source diff to previous version
CVE-2017-13672 QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out
CVE-2017-15038 Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive informatio
CVE-2017-15118 stack buffer overflow in NBD server triggered via long export name
CVE-2017-15119 DoS via large option request
CVE-2017-15124 VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not
CVE-2017-15268 Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.
CVE-2017-15289 The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds wr
CVE-2017-16845 hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.
CVE-2017-17381 The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by uns
CVE-2018-5683 The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by

Version: 1:2.10+dfsg-0ubuntu3.4 2018-02-07 20:06:41 UTC

  qemu (1:2.10+dfsg-0ubuntu3.4) artful-security; urgency=medium

  * SECURITY UPDATE: Add support for Spectre mitigations (LP: #1744882)
    - debian/patches/CVE-2017-5715-1.patch: Change X86CPUDefinition::
      model_id to const char* in target/i386/cpu.c.
    - debian/patches/CVE-2017-5715-2.patch: Add support for SPEC_CTRL MSR
      in target/i386/cpu.h, target/i386/kvm.c, target/i386/machine.c.
    - debian/patches/CVE-2017-5715-3.patch: Add spec-ctrl CPUID bit in
      target/i386/cpu.c, target/i386/cpu.h.
    - debian/patches/CVE-2017-5715-4.patch: Add FEAT_8000_0008_EBX CPUID
      feature word in target/i386/cpu.c, target/i386/cpu.h.
    - debian/patches/CVE-2017-5715-5.patch: Add new -IBRS versions of Intel
      CPU models in target/i386/cpu.c.
    - debian/patches/CVE-2017-5715-s390x-1.patch: add linux-header content
      for bpbc in linux-headers/asm-s390/kvm.h, linux-headers/linux/kvm.h.
    - debian/patches/CVE-2017-5715-s390x-2.patch: handle bpb feature in
      target/s390x/cpu.c, target/s390x/cpu.h, target/s390x/cpu_features.c,
      target/s390x/cpu_features_def.h, target/s390x/gen-features.c,
      target/s390x/kvm.c, target/s390x/machine.c.
    - debian/patches/CVE-2017-5715-s390x-3.patch: provide stfle.81 in
      target/s390x/cpu_features.c, target/s390x/cpu_features_def.h,
      target/s390x/gen-features.c.
    - CVE-2017-5715

 -- Marc Deslauriers <email address hidden> Thu, 01 Feb 2018 13:28:07 -0500

1744882 Add SPEC_CTRL and IBRS changes
CVE-2017-5715 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at



About   -   Send Feedback to @ubuntu_updates